<!--
 ~ The MIT License
 ~
 ~ Copyright (c) 2011-2013, CloudBees, Inc., Kohsuke Kawaguchi.
 ~
 ~ Permission is hereby granted, free of charge, to any person obtaining a copy
 ~ of this software and associated documentation files (the "Software"), to deal
 ~ in the Software without restriction, including without limitation the rights
 ~ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 ~ copies of the Software, and to permit persons to whom the Software is
 ~ furnished to do so, subject to the following conditions:
 ~
 ~ The above copyright notice and this permission notice shall be included in
 ~ all copies or substantial portions of the Software.
 ~
 ~ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 ~ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 ~ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 ~ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 ~ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 ~ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 ~ THE SOFTWARE.
 -->

<div>
    Determines where this credential can be used.

    <dl>
        <dt>System</dt>
        <dd>
            This credential is only available to the object on which the credential is associated. Typically you would
            use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the
            Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts
            where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
        </dd>
        <dt>Global</dt>
        <dd>
            This credential is available to the object on which the credential is associated and all objects that are
            children of that object. Typically you would use global-scoped credentials for things that are needed by
            jobs.
        </dd>
        <!--
            not listing USER scope here because it's hard to imagine the User scoped used anywhere else
            except UserCredentialsProvider, which only uses the USER scope and thus this help page is moot.
        -->
    </dl>

    <p>
    In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins")
    and then used in another place (e.g., when connecting to a new SSH build agent).
    The scope allows you to say "this credential is only used by these places" by looking at the relationship
    between the two locations.
</div>
